policy

package
v1.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 10, 2021 License: AGPL-3.0 Imports: 9 Imported by: 16

Documentation

Index

Constants

View Source
const (
	// AbortMultipartUploadAction - AbortMultipartUpload Rest API action.
	AbortMultipartUploadAction Action = "s3:AbortMultipartUpload"

	// CreateBucketAction - CreateBucket Rest API action.
	CreateBucketAction = "s3:CreateBucket"

	// DeleteBucketAction - DeleteBucket Rest API action.
	DeleteBucketAction = "s3:DeleteBucket"

	// ForceDeleteBucketAction - DeleteBucket Rest API action when x-minio-force-delete flag
	// is specified.
	ForceDeleteBucketAction = "s3:ForceDeleteBucket"

	// DeleteBucketPolicyAction - DeleteBucketPolicy Rest API action.
	DeleteBucketPolicyAction = "s3:DeleteBucketPolicy"

	// DeleteObjectAction - DeleteObject Rest API action.
	DeleteObjectAction = "s3:DeleteObject"

	// GetBucketLocationAction - GetBucketLocation Rest API action.
	GetBucketLocationAction = "s3:GetBucketLocation"

	// GetBucketNotificationAction - GetBucketNotification Rest API action.
	GetBucketNotificationAction = "s3:GetBucketNotification"

	// GetBucketPolicyAction - GetBucketPolicy Rest API action.
	GetBucketPolicyAction = "s3:GetBucketPolicy"

	// GetObjectAction - GetObject Rest API action.
	GetObjectAction = "s3:GetObject"

	// HeadBucketAction - HeadBucket Rest API action. This action is unused in minio.
	HeadBucketAction = "s3:HeadBucket"

	// ListAllMyBucketsAction - ListAllMyBuckets (List buckets) Rest API action.
	ListAllMyBucketsAction = "s3:ListAllMyBuckets"

	// ListBucketAction - ListBucket Rest API action.
	ListBucketAction = "s3:ListBucket"

	// GetBucketPolicyStatusAction - Retrieves the policy status for a bucket.
	GetBucketPolicyStatusAction = "s3:GetBucketPolicyStatus"

	// ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action.
	ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads"

	// ListBucketVersionsAction - ListBucket versions Rest API action.
	ListBucketVersionsAction = "s3:ListBucketVersions"

	// ListenNotificationAction - ListenNotification Rest API action.
	// This is MinIO extension.
	ListenNotificationAction = "s3:ListenNotification"

	// ListenBucketNotificationAction - ListenBucketNotification Rest API action.
	// This is MinIO extension.
	ListenBucketNotificationAction = "s3:ListenBucketNotification"

	// ListMultipartUploadPartsAction - ListParts Rest API action.
	ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts"

	// PutBucketNotificationAction - PutObjectNotification Rest API action.
	PutBucketNotificationAction = "s3:PutBucketNotification"

	// PutBucketPolicyAction - PutBucketPolicy Rest API action.
	PutBucketPolicyAction = "s3:PutBucketPolicy"

	// PutObjectAction - PutObject Rest API action.
	PutObjectAction = "s3:PutObject"

	// PutBucketLifecycleAction - PutBucketLifecycle Rest API action.
	PutBucketLifecycleAction = "s3:PutLifecycleConfiguration"

	// GetBucketLifecycleAction - GetBucketLifecycle Rest API action.
	GetBucketLifecycleAction = "s3:GetLifecycleConfiguration"

	// BypassGovernanceRetentionAction - bypass governance retention for PutObjectRetention, PutObject and DeleteObject Rest API action.
	BypassGovernanceRetentionAction = "s3:BypassGovernanceRetention"
	// PutObjectRetentionAction - PutObjectRetention Rest API action.
	PutObjectRetentionAction = "s3:PutObjectRetention"

	// GetObjectRetentionAction - GetObjectRetention, GetObject, HeadObject Rest API action.
	GetObjectRetentionAction = "s3:GetObjectRetention"
	// GetObjectLegalHoldAction - GetObjectLegalHold, GetObject Rest API action.
	GetObjectLegalHoldAction = "s3:GetObjectLegalHold"
	// PutObjectLegalHoldAction - PutObjectLegalHold, PutObject Rest API action.
	PutObjectLegalHoldAction = "s3:PutObjectLegalHold"
	// GetBucketObjectLockConfigurationAction - GetObjectLockConfiguration Rest API action
	GetBucketObjectLockConfigurationAction = "s3:GetBucketObjectLockConfiguration"
	// PutBucketObjectLockConfigurationAction - PutObjectLockConfiguration Rest API action
	PutBucketObjectLockConfigurationAction = "s3:PutBucketObjectLockConfiguration"

	// GetBucketTaggingAction - GetTagging Rest API action
	GetBucketTaggingAction = "s3:GetBucketTagging"
	// PutBucketTaggingAction - PutTagging Rest API action
	PutBucketTaggingAction = "s3:PutBucketTagging"

	// GetObjectTaggingAction - Get Object Tags API action
	GetObjectTaggingAction = "s3:GetObjectTagging"
	// PutObjectTaggingAction - Put Object Tags API action
	PutObjectTaggingAction = "s3:PutObjectTagging"
	// DeleteObjectTaggingAction - Delete Object Tags API action
	DeleteObjectTaggingAction = "s3:DeleteObjectTagging"

	// PutBucketEncryptionAction - PutBucketEncryption REST API action
	PutBucketEncryptionAction = "s3:PutEncryptionConfiguration"
	// GetBucketEncryptionAction - GetBucketEncryption REST API action
	GetBucketEncryptionAction = "s3:GetEncryptionConfiguration"

	// PutBucketVersioningAction - PutBucketVersioning REST API action
	PutBucketVersioningAction = "s3:PutBucketVersioning"
	// GetBucketVersioningAction - GetBucketVersioning REST API action
	GetBucketVersioningAction = "s3:GetBucketVersioning"

	// DeleteObjectVersionAction - DeleteObjectVersion Rest API action.
	DeleteObjectVersionAction = "s3:DeleteObjectVersion"

	// DeleteObjectVersionTaggingAction - DeleteObjectVersionTagging Rest API action.
	DeleteObjectVersionTaggingAction = "s3:DeleteObjectVersionTagging"

	// GetObjectVersionAction - GetObjectVersionAction Rest API action.
	GetObjectVersionAction = "s3:GetObjectVersion"

	// GetObjectVersionTaggingAction - GetObjectVersionTagging Rest API action.
	GetObjectVersionTaggingAction = "s3:GetObjectVersionTagging"

	// PutObjectVersionTaggingAction - PutObjectVersionTagging Rest API action.
	PutObjectVersionTaggingAction = "s3:PutObjectVersionTagging"

	// GetReplicationConfigurationAction  - GetReplicationConfiguration REST API action
	GetReplicationConfigurationAction = "s3:GetReplicationConfiguration"
	// PutReplicationConfigurationAction  - PutReplicationConfiguration REST API action
	PutReplicationConfigurationAction = "s3:PutReplicationConfiguration"

	// ReplicateObjectAction  - ReplicateObject REST API action
	ReplicateObjectAction = "s3:ReplicateObject"

	// ReplicateDeleteAction  - ReplicateDelete REST API action
	ReplicateDeleteAction = "s3:ReplicateDelete"

	// ReplicateTagsAction  - ReplicateTags REST API action
	ReplicateTagsAction = "s3:ReplicateTags"

	// GetObjectVersionForReplicationAction  - GetObjectVersionForReplication REST API action
	GetObjectVersionForReplicationAction = "s3:GetObjectVersionForReplication"

	// RestoreObjectAction - RestoreObject REST API action
	RestoreObjectAction = "s3:RestoreObject"
	// ResetBucketReplicationStateAction - MinIO extension API ResetBucketReplicationState to reset replication state
	// on a bucket
	ResetBucketReplicationStateAction = "s3:ResetBucketReplicationState"
)
View Source
const DefaultVersion = "2012-10-17"

DefaultVersion - default policy version as per AWS S3 specification.

View Source
const ResourceARNPrefix = "arn:aws:s3:::"

ResourceARNPrefix - resource ARN prefix as per AWS S3 specification.

Variables

This section is empty.

Functions

func Errorf

func Errorf(format string, a ...interface{}) error

Errorf - formats according to a format specifier and returns the string as a value that satisfies error of type policy.Error

Types

type Action

type Action string

Action - policy action. Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html for more information about available actions.

func (Action) IsValid

func (action Action) IsValid() bool

IsValid - checks if action is valid or not.

func (Action) MarshalJSON

func (action Action) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Action to JSON data.

func (*Action) UnmarshalJSON

func (action *Action) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Action.

type ActionSet

type ActionSet map[Action]struct{}

ActionSet - set of actions.

func NewActionSet

func NewActionSet(actions ...Action) ActionSet

NewActionSet - creates new action set.

func (ActionSet) Add

func (actionSet ActionSet) Add(action Action)

Add - add action to the set.

func (ActionSet) Clone

func (actionSet ActionSet) Clone() ActionSet

Clone clones ActionSet structure

func (ActionSet) Contains

func (actionSet ActionSet) Contains(action Action) bool

Contains - checks given action exists in the action set.

func (ActionSet) Equals

func (actionSet ActionSet) Equals(sactionSet ActionSet) bool

Equals - checks whether given action set is equal to current action set or not.

func (ActionSet) Intersection

func (actionSet ActionSet) Intersection(sset ActionSet) ActionSet

Intersection - returns actions available in both ActionSet.

func (ActionSet) MarshalJSON

func (actionSet ActionSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ActionSet to JSON data.

func (ActionSet) String

func (actionSet ActionSet) String() string

func (ActionSet) ToSlice

func (actionSet ActionSet) ToSlice() []Action

ToSlice - returns slice of actions from the action set.

func (*ActionSet) UnmarshalJSON

func (actionSet *ActionSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to ActionSet.

type Args

type Args struct {
	AccountName     string              `json:"account"`
	Groups          []string            `json:"groups"`
	Action          Action              `json:"action"`
	BucketName      string              `json:"bucket"`
	ConditionValues map[string][]string `json:"conditions"`
	IsOwner         bool                `json:"owner"`
	ObjectName      string              `json:"object"`
}

Args - arguments to policy to check whether it is allowed

type Effect

type Effect string

Effect - policy statement effect Allow or Deny.

const (
	// Allow - allow effect.
	Allow Effect = "Allow"

	// Deny - deny effect.
	Deny = "Deny"
)

func (Effect) IsAllowed

func (effect Effect) IsAllowed(b bool) bool

IsAllowed - returns if given check is allowed or not.

func (Effect) IsValid

func (effect Effect) IsValid() bool

IsValid - checks if Effect is valid or not

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error is the generic type for any error happening during policy parsing.

func (Error) Error

func (e Error) Error() string

Error 'error' compatible method.

func (Error) Unwrap

func (e Error) Unwrap() error

Unwrap the internal error.

type ID

type ID string

ID - policy ID.

func (ID) IsValid

func (id ID) IsValid() bool

IsValid - checks if ID is valid or not.

type Policy

type Policy struct {
	ID         ID `json:"ID,omitempty"`
	Version    string
	Statements []Statement `json:"Statement"`
}

Policy - bucket policy.

func ParseConfig

func ParseConfig(reader io.Reader, bucketName string) (*Policy, error)

ParseConfig - parses data in given reader to Policy.

func (Policy) IsAllowed

func (policy Policy) IsAllowed(args Args) bool

IsAllowed - checks given policy args is allowed to continue the Rest API.

func (Policy) IsEmpty

func (policy Policy) IsEmpty() bool

IsEmpty - returns whether policy is empty or not.

func (Policy) MarshalJSON

func (policy Policy) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Policy to JSON data.

func (Policy) Merge

func (policy Policy) Merge(input Policy) Policy

Merge merges two policies documents and drop duplicate statements if any.

func (*Policy) UnmarshalJSON

func (policy *Policy) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Policy.

func (Policy) Validate

func (policy Policy) Validate(bucketName string) error

Validate - validates all statements are for given bucket or not.

type Principal

type Principal struct {
	AWS set.StringSet
}

Principal - policy principal.

func NewPrincipal

func NewPrincipal(principals ...string) Principal

NewPrincipal - creates new Principal.

func (Principal) Clone

func (p Principal) Clone() Principal

Clone clones Principal structure

func (Principal) Equals

func (p Principal) Equals(pp Principal) bool

Equals - returns true if principals are equal.

func (Principal) Intersection

func (p Principal) Intersection(principal Principal) set.StringSet

Intersection - returns principals available in both Principal.

func (Principal) IsValid

func (p Principal) IsValid() bool

IsValid - checks whether Principal is valid or not.

func (Principal) MarshalJSON

func (p Principal) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Principal to JSON data.

func (Principal) Match

func (p Principal) Match(principal string) bool

Match - matches given principal is wildcard matching with Principal.

func (*Principal) UnmarshalJSON

func (p *Principal) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Principal.

type Resource

type Resource struct {
	BucketName string
	Pattern    string
}

Resource - resource in policy statement.

func NewResource

func NewResource(bucketName, keyName string) Resource

NewResource - creates new resource.

func (Resource) IsValid

func (r Resource) IsValid() bool

IsValid - checks whether Resource is valid or not.

func (Resource) MarshalJSON

func (r Resource) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Resource to JSON data.

func (Resource) Match

func (r Resource) Match(resource string, conditionValues map[string][]string) bool

Match - matches object name with resource pattern.

func (Resource) String

func (r Resource) String() string

func (*Resource) UnmarshalJSON

func (r *Resource) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Resource.

func (Resource) Validate

func (r Resource) Validate(bucketName string) error

Validate - validates Resource is for given bucket or not.

type ResourceSet

type ResourceSet map[Resource]struct{}

ResourceSet - set of resources in policy statement.

func NewResourceSet

func NewResourceSet(resources ...Resource) ResourceSet

NewResourceSet - creates new resource set.

func (ResourceSet) Add

func (resourceSet ResourceSet) Add(resource Resource)

Add - adds resource to resource set.

func (ResourceSet) Clone

func (resourceSet ResourceSet) Clone() ResourceSet

Clone clones ResourceSet structure

func (ResourceSet) Equals

func (resourceSet ResourceSet) Equals(sresourceSet ResourceSet) bool

Equals - checks whether given resource set is equal to current resource set or not.

func (ResourceSet) Intersection

func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet

Intersection - returns resouces available in both ResourcsSet.

func (ResourceSet) MarshalJSON

func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ResourceSet to JSON data.

func (ResourceSet) Match

func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool

Match - matches object name with anyone of resource pattern in resource set.

func (ResourceSet) String

func (resourceSet ResourceSet) String() string

func (ResourceSet) ToSlice

func (resourceSet ResourceSet) ToSlice() []Resource

ToSlice - returns slice of resources from the resource set.

func (*ResourceSet) UnmarshalJSON

func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to ResourceSet.

func (ResourceSet) Validate

func (resourceSet ResourceSet) Validate(bucketName string) error

Validate - validates ResourceSet is for given bucket or not.

type Statement

type Statement struct {
	SID        ID                  `json:"Sid,omitempty"`
	Effect     Effect              `json:"Effect"`
	Principal  Principal           `json:"Principal"`
	Actions    ActionSet           `json:"Action"`
	Resources  ResourceSet         `json:"Resource"`
	Conditions condition.Functions `json:"Condition,omitempty"`
}

Statement - policy statement.

func NewStatement

func NewStatement(effect Effect, principal Principal, actionSet ActionSet, resourceSet ResourceSet, conditions condition.Functions) Statement

NewStatement - creates new statement.

func (Statement) Clone

func (statement Statement) Clone() Statement

Clone clones Statement structure

func (Statement) Equals

func (statement Statement) Equals(st Statement) bool

Equals checks if two statements are equal

func (Statement) IsAllowed

func (statement Statement) IsAllowed(args Args) bool

IsAllowed - checks given policy args is allowed to continue the Rest API.

func (Statement) MarshalJSON

func (statement Statement) MarshalJSON() ([]byte, error)

MarshalJSON - encodes JSON data to Statement.

func (*Statement) UnmarshalJSON

func (statement *Statement) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Statement.

func (Statement) Validate

func (statement Statement) Validate(bucketName string) error

Validate - validates Statement is for given bucket or not.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL